From owner-freebsd-security@FreeBSD.ORG Tue Apr 8 21:17:37 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 095BCB7B for ; Tue, 8 Apr 2014 21:17:37 +0000 (UTC) Received: from smtp.peterschmitt.fr (smtp.peterschmitt.fr [IPv6:2a01:4f8:a0:72c8:4224::1]) by mx1.freebsd.org (Postfix) with ESMTP id BDA08165B for ; Tue, 8 Apr 2014 21:17:36 +0000 (UTC) Received: from [192.168.1.121] (89-159-92-168.rev.dartybox.com [89.159.92.168]) by smtp.peterschmitt.fr (Postfix) with ESMTPSA id 5D61C60157; Tue, 8 Apr 2014 23:17:19 +0200 (CEST) Message-ID: <5344679D.4050707@peterschmitt.fr> Date: Tue, 08 Apr 2014 23:18:21 +0200 From: Florent Peterschmitt User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.4.0 MIME-Version: 1.0 To: Mark Boolootian , Chris Nehren , freebsd-security@freebsd.org Subject: Re: FreeBSD's heartbleed response References: <20140408174210.GA5433@behemoth> <5344427B.3060205@peterschmitt.fr> <20140408192638.GA34745@funkthat.com> In-Reply-To: <20140408192638.GA34745@funkthat.com> X-Enigmail-Version: 1.6 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="dntjKxN5hicMLjcjRIhnP0RjwabLoA6os" X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Apr 2014 21:17:37 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --dntjKxN5hicMLjcjRIhnP0RjwabLoA6os Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Do we need to fetch them from the Internet? Local packages can do the job, nope? But it will lead to kind of bootstrapping=85 or everything as packages bootstrapped once for all. And yes, it will not be some pie (a french stock phrase meaning it will be hard, translated word for word :) ). On 08/04/2014 21:26, John-Mark Gurney wrote: > Florent Peterschmitt wrote this message on Tue, Apr 08, 2014 at 20:39 += 0200: >> On 08/04/2014 19:46, Mark Boolootian wrote: >>> While it may not be quite what you're looking for, ports contains >>> OpenSSL 1.0.1g. >> >> Why not moving critical parts of the basesystem to ports, that will be= >> installed at system installation of course? >=20 > Because we have programs in base that depend upon OpenSSL... so, > moving OpenSSL out of base is not really an option, unless you want > to remove fetch, hostapd, pkg, and wpa_supplicant from the base system,= > we are stuck w/ OpenSSL in base... >=20 > yes, there is pkg there, how are you going to fetch packages to install= > if you don't have that? >=20 > btw, all found w/ ldd /usr/bin/* /usr/sbin/* 2>/dev/null | less and > searching for libssl... >=20 --dntjKxN5hicMLjcjRIhnP0RjwabLoA6os Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iQIcBAEBAgAGBQJTRGedAAoJEFr01BkajbiBIPoP/RkdZ6kwv5w4z/WDGLmwk6Yp fLpDxRuzF4Z/7Qt4BBWmf5wMjAJZieJmO3QGfQwIuPVwjLAIWMbWdEX0eOCMWZDh 1Y3PiCrKJZYCHNSSpEBtZScwpi/RgEBbF30Jq7ZW5W0s2/veqQLB4/ChcSqcF6Y3 SR2CfsV3DaEQ8rs3LN2mDq5LUJ6tzub70UbOT8fW53ufm4PleTQjcsiBGj6uCV78 mfM8bJSn/FgvPpoSDfn/8/eOOXrz9KUT4xP5rfrxgNEmNfPTTEDv8kC7ItFvOj/w CLllkDJOXjgJoCBzVd6Mi3GyiwxDuZ4vrrjoC2DckeWwRYwABAjJuIr40Om8jI4q 8TNC7Ol9Sbu3b90VRufgXx+cyqMXxEVQzVUtJI0uJnYLdu/sTxLc6oiqAM+ayQTz G61lVcFZkcrnipj8w6fO4yD4OlFCLEzAxgAFu3mkwXzoKBPsiFi2FZkLLvRIPjFT Fxe3U3wq5ne0lG7MIXKH592L/RCPUm5p+WYEovYyhrGC3CCJOYCx7nMoFff1JAQm v6W67hetnonh6k2cd59PABlVyUM+wKdhmDFxKPuXy6/0nmn/7fmbTG9KOc/BlBa3 onuarPsNTe3ngQvnOQscof/e+gUb2Ed6Bi2OE6WaawdzR1LS/jotLcbH09h3fgK0 CrkqK2HxpXxtTqa7c5im =iyg9 -----END PGP SIGNATURE----- --dntjKxN5hicMLjcjRIhnP0RjwabLoA6os--